Exchange 2010 Remote Administration via PowerShell RRS feed

  • Question

  • Okay, I know there are 101 ways to remotely manage Exchange both through the shell and the console, but here's my way...

    I have a script that provisions new users by first creating an AD account, making several other AD changes, then enabling a mailbox for the user.  I want to be able to run this script from a workstation logged on with a regular non-administrative user account, meaning I want to prompt the user for domain admin creds using get-credential, then use that to run the rest of the functions in the script.  Now, this isn't an issue with the AD functions because I use the Quest tools and they have a connect-qadservice cmdlet that has a -credential parameter.  However, Exchange's connect-exchangeserver function does not have this parameter as an option.  Is there a workaround for this?  I know the enable-mailbox cmdlet has that parameter but the one I need in particular is set-casmailbox - this does not have the -credential parameter as an option.

    I'm trying to avoid using implicit remoting as much as possible - I always consider that to be a last resort since it's cumbersome at best, and obviously I'd like to avoid the "run as" option.  These are both okay as workarounds, but I'm looking for an actual solution since I use this on a daily basis.  I initially posted in the server forum but it was apparently a little out of their league and I was instructed to instead post in the dev forum.  Any help is much appreciated!

    Tuesday, September 18, 2012 12:50 PM

All replies

  • Hello. If I understand your requirements, this could work for you...

    At the beginning of your script, initiate a new session to an Exchange server via New-PSSession. This cmdlet has an option for specifying credentials (see http://technet.microsoft.com/cs-CZ/library/dd347668.aspx).
    Either you can get some with Get-Credential, or you can add the current user some Exchange provileges using RBAC (for example Mail Recipient Creation; for the list of built-in RBAC roles see http://technet.microsoft.com/en-us/library/dd298116.aspx).

    You should be able to use Quest tools as usually even in this case.

    Wednesday, September 19, 2012 7:12 AM
  • Yes but again, I'm trying to avoid using implicit remoting if possible since I've had problems with it in the past (some cmdlets do not work, errors are misleading, etc.).  I was hoping to find something a little more elegant and purpose-built if possible.
    Wednesday, September 19, 2012 12:35 PM
  • To clarify, I've had issues in the past running scripts that use implicit remoting.  But hey, maybe I'm doing something wrong (it's happened before :)
    Thursday, September 20, 2012 1:42 PM